Hi Manav,

I think it's fine to use the Key ID to also indicate the authentication type. However, the name Key ID seems inappropriate since it now indicates more than just the key. I suggest using a different name for this field, such as SA ID.

Regards,
Michael

On 01/24/2011 03:07 PM, Bhatia, Manav (Manav) wrote:

Hi Rajesh,
I agree that such a distinction is indeed required. However, can't the
KeyID be used for such purposes? How about also associating the
authentication type with the Key ID. Thus one knows that if the incoming
packet is coming with KeyID X then it's normal cryptographic
authentication, and if it's coming with Y, then it's the crypto session
with Session ID and Nonce. This would also dictate how this packet
should be further parsed.
I am btw also amenable to the idea of breaking the 16 bit reserved field
into an 8 bit reserved field and an 8 bit AuType field. However, just
want to make sure that we absolutely need this before doing it.
Would also like to hear what others in WG think about this.
Cheers, Manav

    *From:* [email protected] [mailto:[email protected]] *On
    Behalf Of *Rajesh Shetty
    *Sent:* Friday, January 21, 2011 7.32 AM
    *To:* [email protected]
    *Subject:* [OSPF] AUTH TYPE

    Hi Manav,

    Auth Type we might need to add in AT(Authentication Trailer) Header
    for extensibility.

    Currently itself we can see the usage of Auth Type.

    Auth Type = 0 = Cryptographic authentication

    Auth Type = 1 (May be) = Cryptographic authentication with Session
    ID/Nonce support (security extension for ospfv3 when using manual
    key management)

    So it's better to replace Reserved field with Auth Type.

    Thanks

    Rajesh.
_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
